CAC/Smartcard User Info Not Accepted, Must Use Domain Usr/pwd Instead For SSL Site
Having an issue with random individuals trying to access an intranet site with a security certificate. Most users are able to simply select their Smartcard/CAC certificate, enter the pin number and then are granted access to the site's pages.
However, random individuals enter their pin and then are immediately re-prompted by the IE alert dialogue to enter their domain username and password. If they don't enter their network domain username and MS password, then they receive a 401.1 Unauthorized.
I am confused as to why these certain users (who are selecting the same certificates as the successful ones) are being prompted for their domain name/pwd. Furthermore, they're able to access other sites which require a CAC to get past the security certificate.
Possible that a user token is unable to be established via a CAC for the particular site, but not sure why. Since these users are getting a 401.1, then somehow their identity associated with their CAC credentials is not validating.
In IIS: Anonymous users are not allowed (unchecked). 128-bit encryption is required with SSL. Integrated Windows Authentication is checked. Accepting client certificates In the site's web.config file all users are allowed and only anonymous are denied.
Developed in asp.net 3.5
We have tried to reproduce the problem in testing and development environments, but have fortunately/unfortunately been unable to duplicate this issue. This furthermore eludes to an issue that might be isolated to the production server, users access to it, and/or the certificate that is applied to that SSL website on that server.
The exact same setup is present on the development box without any issues at all, indicating to me that the problem resides on the production server's ability to properly receive/handle CAC information from those individuals or that something funky is going on with the way the security certificate is relating to the client's CAC x.509 certificate.
A little more information that may be of use: the browser prompt that initially asks for the CAC has nothing to do with the code of the site, but rather is enabled by applying the security certificate to a site in IIS; thus indicating to me that there is something written into the certificate that looks for client certificates tied to the ActivClient agent via the browser?
The violating users' cards work on all other applications and even on SSL sites on other servers that bring up a CAC prompt. I believe we have confirmed that the certificates associated with their cards and their IE browsers are valid through 2015 (or longer in some cases), and are the same in nature (x509 certificate from the card)... and issuer is being consistently selected as DOD Email CA-15 (though the regular DOD CA-15 works as well). Again, maybe something with the fact that it's isolated to one production server, something with the SSL cert. on that url or user access?
Then again, I probably have no idea what i'm talking about, just throwing a bone here to see if anyone has had the same issue or has any ideas.
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
Info On User Preferences For CentOS VPS
info on user preferences when buying a VPS for running CentOS. Feel free to PM me if you do not want your answers to be publicly displayed. When you are buying a VPS to run CentOS: 1. Do you want to install the operating system on it or do you want it pre-installed with defaults? 2. Do you want the server to run Gnome desktop or is SSH access enough? 3. If you have it running a desktop, is accessing it using VNC over an SSH tunnel connection acceptable or do you need some other way to access the GUI?
View Replies!
View Related
Database For Tracking Site Info
My company is just getting into web hosting. We currently have 10-15 sites that we are hosting. What do you guys use to keep track of all the details for the site (location, company info, etc). We're using a homegrown filemaker database atm, but we don't want to continue using this when we get 50+ sites. It doesn't matter if its web-based or a standalone program.
View Replies!
View Related
Info To Transfer Domain Out Of IX Hosting
Summary on Issue I have with IX Hosting I am disappointed on the option provide to me by IX webhosting to resolved my issue. Summary: 1. My hosting and domain was handle by a previous staff which is charge to a CC belong to that staff. 2. The staff was fired and he filled a chargeback with his CC without me knowing it on the hosting. 3. Account was then suspended and there isn't anything that I can do about it. Option left for me: 1. Nothing that IX webhosting is able to do beside asking me to recontact my ex staff to contact his bank which is not possible (the case was closed by the bank according to my ex staff when i was able to contact him). 2. Spending another 1 - 2 year time to rebuilt another website to bring in traffic since the url and hosting are frozen by IX webhosting. 3. Filled a complain to complain board and point this problem out to public where an admin or account making payment for URL and hosting can screwed up the company at any one point while hosting with IX webhosting.
View Replies!
View Related
SSL Certificate To Protect User Data
I recently bought an SSL certificate to protect user data. I installed the cert in WHM. But when I go to my website in https://, my browser says (Safari can’t open the page [url] because Safari can’t establish a secure connection to the server “*domain name*”.) Do you know what's happening and how to fix it? I've never dealt with SSL before, so this is very frustrating.
View Replies!
View Related
How To Pwd Protect Directories Without Cpanel
how to pwd protect directories with when using no control panel, I am planning to change the login details of the protected directories every few days as well as its top secret data, so I would like to know how to protect directories with pwd, I know how to do using control panel such as cPanel r Plesk but I am having no control panel at this interface I intend to share the files under this protected directories only to my team, so plz help me with codes if there are any its cent 0s5, apache handler
View Replies!
View Related
Domain.com Or Www.domain.com For SSL Certificates
I'm setting my first eCommerce site and right now I need to resolve the following issue. I need to install (well, the hosting company will do it for me) a SSL certificate and I need to know what is best or common practice, to use domainname.com or www.domainname.com I don't know what difference it would make but it seems to do so because the hosting company is asking me to choose. Being that I'm clueless about this, I would also appreciate a quick explanation on the benefits or downfalls of using either one.
View Replies!
View Related
Single User Can't Access Any Site On My Server
I have a user who says he cannot get to any site on my server from either home or work. He has been a user for many years, and has never had any problems. He has also checked with his IT at work and they confirmed the site is not available. He is computer savvy, so I trust he is telling the truth. His work and home are only 10 miles apart. Do you guys have any ideas what could be happening? Is there a DNS entry wrong somewhere? He can't access the site even when putting in the IP address. There is one other user reporting something similar but other than that no other complaints. The site works fine for everyone else. site is gm-trucks.com
View Replies!
View Related
FTP- Assign New User To 1st Site
i have been fumbling around trying to set up a first site on a fresh install of debian on a server... seems like helplessly for hours and hours, trying to figure out how this ftpd works with debian there are only 2 files from what i see on the server ftpchroot and ftpusers - i fianlly found the manual 'man ftpd' this helped a little... i found this in another thread, to maybe help with adding a user, does not work in my setup... adduser --home /home/username --shell /bin/false username (how do i remove this user that does not work?) my server path to sites is this /home/www/html/websitename.com/html what do i need to do to get ftp to actually work?
View Replies!
View Related
How Can I Make Sshd Lie About It's Accepted Authentication Methods
With my sshd installation, I have password authentication disabled, and only accept key-based auth. What I want to do is, make sshd lie about it's accepted authentication methods, or even make up a few to confuse anyone who's trying to connect. For example, [root@vps2 ~]# ssh hah.cx Permission denied (publickey). I'd like to make it show something like, [root@vps2 ~]# ssh hah.cx Permission denied
View Replies!
View Related
SSL On Normal Site ?
I had a client ask me earlier if there was any downsides to having his main site be SSL only ,not his billing his actual site. For exmaple it would be https://www.yoursite.com rather than the normal http and having that redirect to the https. Obviously he would need all his images being linked to https in order for it to be secure but apart from that, I couldn't think of any of the top of my head, I was wondering what you guys all thought.
View Replies!
View Related
Going Online With A New Site – SSL Certificate
I have plans of introducing a website so that I can start my online business. The site will be dealing in computer accessories and all the hardware stuff that is related to the computer field with an online purchase facility. But, before that I would like to know the pre-requisites that are needed to run a website of your own that has an online payment option, as I was informed about the SSL certificate issues by my developer and would like to know more on this from you people.
View Replies!
View Related
What Is Involed In Implimenting SSL Certificate To A Site
In theory i kind of understand, but just want to know what is involed in implimenting SSl to a site. I need SSL on a website which is hosted on a shared hosting server. I know I will need a dedicated IP address a then purchase a certificate from a company. would i have to install that on my account or would my host have to do it for me? and could i run my whole site on [url] its only a small site.
View Replies!
View Related
Exim: User Unknown (domain Forward)
One of my clients has 2 accounts: - foo.com, with a mail account info@foo.com. - bar.com, with domain forwarding to foo.com. Sending an email message to info@foo.com works. Sending an email message to info@bar.com doesn't work. When using the ZoneEdit SMTP test utility I get the following error message: Code: > RCPT TO:<info@bar.com> < 550 5.1.1 User unknown: info@bar.com I checked "/etc/vdomainaliases/bar.com" and "/etc/localdomains", they are configured properly. Any suggestions?
View Replies!
View Related
Ssl Certificate, Sub-domain
i just got this ssl certificate but i have some doubts how exactly should i set up the whole magic. i created the secure.domain.com which suppose to be the sub-domain for the login page which means when user decide to sign up/login to immediately transfer to the ssl state(sample: see ebay.com and then their https login page). so, far the home page which is domain.com(or www.domain.com) it doesn't need to be covered by the ssl. so, i was just wondering how do i play the game? i know it's kinda tricky and the key is somewhere in the sub-domain name(cP set up), .htaccess and/or index.php files but not very clear to me.
View Replies!
View Related
Limiting Cpu/memory Of A Single User/domain In Whm
i've been researching this but can't seem to find a decent solution. basically trying to limit the cpu usage of a single domain, or limit accesses per hour if that's possible? i tried adding an entry in /etc/security/limits.conf which restricts numproc to 2 and then down to 1, but it doens't seem to make any impact on the load. load of the server drops from about 1.5-2 down to 0.02 when this single site is suspended, and i can't have it run wild. ideally would like a message that says something along the lines of server is too busy... trying again in 5 seconds or something along those lines?
View Replies!
View Related
SSL For Any Domain Hosted On Single Server
is there any sort of ssl certificate that will 'secure' any domain, hosted on a single server? For example, I have the following domains and subdomains: google.com test.google.com mywebsite.com hello.example.com All will be hosted on the same server (same IP) and I want all to be secured, through a SIGNED certificate, not a self signed. I assumed that wildcard ssl would be fine for this, but I just took a look and it's only for subdomains: example.example.com hello.example.com. Is there any way of having every subdomain and domain secured, using ssl, through one certificate? I don't want to have to buy individual certificates for every domain, that'd be... expensive.
View Replies!
View Related
Create SSL Website Or Sub Domain - CPanel And No Panel
I would like to create an SSL website for parts of my domain. I have a few VPS's one running cPanel, the others running just Webmin. Now I have managed to install SSL as I can login to WHM/cPanel using the secure port fine. Also I have installed SSL on the Webmin VPS's as I followed www.webmin.com/ssl.html which tells you how. However I would like to get sections of my website secure i.e secure.mydomain.com would be HTTPS, and the rest of the site just normal HTTP.
View Replies!
View Related
1 SSL Cert... 1 Domain... 2 Servers. How To Setup A Backup Server
We have two in-house servers, one is hosting our public web server. The other one was just purchased to host a mirror of the production server (as a backup). The site is protected by an SSL cert... my question is how do i set up the server(s) so if/when the backup server needs to be switched into produciton, the SSL cert will transition flawlessly? They are both apache 2 servers.
View Replies!
View Related
Ssl Issues Wild Card, Server Wide, Domain, IP
I have installed ssls before but this is a once a year task and each time it comes up again I have to learn it all over again When would I use a wild card *.mydomain.com as apposed to just mydomain.com I hear talk also of a server wide ssl how is this possible do you create the ssl for the IP rather than the domain What is the best way to do this on a dedicated box with WHM/cpanel to where my users have secure access to their webmail, cpanel client area etc. I've searched the forums but i dont see much on the different uses of ssls just instructions on installation
View Replies!
View Related
Different Host And Domain Site
I want to buy a domain from Godaddy.com and host on a free webhost, that works really great. But I don't wanna get this problem when you visit the forum ->>> mydomain.com, I want it like this ->>> mydomain.com/forum/ and forum/index.php and all that stuff, so you can visit a thread directly. But in my experiences before, I just got the mydomain.com, even if I visited the forum or an another page. Should I put the DNS or what to get the godaddy domain to work fine with the free webhost?
View Replies!
View Related
Sub-domain Site Stats
I thought i may as well post this here having already contacted my host. Just thought you knowledgable people may be able to give me some insight to this? Well i am creating a sub-domain, and i obviously have site stats with AWStats for my primary domain name. If i was to create a sub-domain say example.sitename.com would i still receive the site stats for the sub as well as the primary one? Anyone had any experience on this? as midphase are good but generally take ages to get back to me and their response are rather general,
View Replies!
View Related
Setting Up A Site In A .local Domain
I have a web server running Server 2003 and IIS6. I can access everything fine via IP. Now I want to have a domain name work with it. The server is in a .local domain environment. Does anyone have any info on how I should setup DNS for the web server if the domain itself is not getting any DNS info from the outside? Is it just a matter of adding new A and NS records or do I need to be in a FQDN domain for it to work?
View Replies!
View Related
Access DirectAdmin Site Without Domain - Possible With CPanel
I'm new to using directadmin and I've got a problem; I've not yet switched the DNS over to the directadmin server 'cause I want to make sure the sites work first, however I can't find how to view the sites. With cpanel you can go to http://192.168.1.1/~username (where 192.168.1.1 = IP of server and username is username of account). is this possible with directadmin? I can't find anything about it, anywhere.
View Replies!
View Related
Htaccess - Moving Site From Subdomain To New Domain
I have what I think is kind of a unique situation with a site move and Google is not turning up an answer that seems to work. My site is currently in this format: www.mydomain.com/site/file.html And I am "moving" it but also switching from html to php, so the same file would be found at: site.mydomain.com/file.php I want to redirect users going to the old pages to their equivalent on the new site, however this is a little bit of a problem because this is a normal subdomain - it is the same directory as before but now there are php versions of the html files. Right now I have all of the http files redirecting to their php equivilents, but I don't believe this is a desirable solution. Also it creates a problem when people go to www.mydomain.com/site (not indicating a specific file; just the subdir root) because I have www.mydomain.com/site/index.html redirecting to www.mydomain.com/site/index.php. Quite a mess. My first option is to put the redirects in the htaccess file on the "old" site. But is this a problem because there are over 500 pages on the site? Does it create a heavy server load because any requests force the server to serve a huge htaccess file? The next alternative seems the most preferable although I'm not sure how to do it. It seems it could use wildcards so that anyone going to *.html gets directed to *.php or something like that. The only problem is that there are a small number of files that were removed completely and do not have php equivilants (about 5 or 6) and would need to redirect to the index.php in the root
View Replies!
View Related
Mystery Mirror/Mirroring My Client's Site Is On Another Domain But Why?
I'm having an issue with a client site and I am not sure what to do at this point. Conversations with the host (GoDaddy) haven't led to a solution and to be honest, I'm not sure it's their issue to handle although I will be firing off an email to their domain dispute department shortly. I spoke with a couple of supervisors there and they were as baffled as I am. Here's the situation: When people Google the name of the client's business, it returns their site but on a different domain. The entire site is there, nothing is changed but the URL. It's like having an unintentional mirror site except that none of the forms work which is what tipped off the users that something was wrong but of course, they don't notice that they're not actually on 'www.clientsite.com' so they think it's just a form error when in actuality, they're not even at the right domain. There is really no way for this other domain to profit from mirroring the client's site; it's just a business profile type of thing with a few forms for contact, employment applications and vendor applications. No secure info is transmitted other than perhaps the occasional email address but we're not talking a heavy volume site, it's a niche market and really not something that would be a typical target. There's no eCommerce, no subscriptions, no financial info. I'm at a total loss. Could this happen if this other site is hosted on the same server as my client's site? Could it be an actual error of some sort or would it have to be intentional? The whois for this bogus site leads to DomainsbyProxy.com and I'll be sending them a letter as well but I'd really appreciate any input you all might have on HOW this could happen. Should I also contact Google?
View Replies!
View Related
Rapid Site Deployment (database Driven Domain Name Server (DNS) + Apache Config)
I am trying to do something that I believe is fairly non-standard. What I am looking to do is create a system where I can rapidly deploy web sites without having to restart named and Apache. For example, if a customer completes a process, I want to be able to turn that site on immediately using a temporary domain (somecompany.example.com or othercompany.example.com). With some programming language (hopefully PHP) I would like to get the customer up and running with their site immediately without having to restart the server. While doing some research I found I could use MyDNS which uses MySQL to manage DNS data instead of configuration files. MyDNS can be updated on the fly. For Apache I have seen wildcard configurations, but everyone seems to be suggesting the use of mod rewrite. I would prefer that the domain maps directly to a specific folder: somecompany.example.com -> /sites/somecompany/htdocs (*.example.com -> /sites/*/htdocs) Does anyone know how I might do this with Apache. It seems similar to user directories (example.com/~username -> /home/*/htdocs)
View Replies!
View Related
/usr Is Full
I really need some help here. My /usr directory on my server is 95% full. Is there any change that I could change a space limit for this partition without OS reload? And if there is, how to do it?
View Replies!
View Related
/usr/bin/fakegauge
Is anybody aware what this file or what it is for? /usr/bin/fakegauge LFD on my cPanel CentOS 5.1 Linux box reported an md5 checksum failure on this file. I am not sure what it is for. I want to know if this is something I can get rid of or a sign that my server has been compromised.
View Replies!
View Related
/dev/sda6 (/usr) Is 89% Full
I have two dedicated servers.. On one of my servers, its 100% full and my 2nd one it's /dev/sda6 (/usr) is 89%. Can someone tell me what partion on a linux based server this is usually used for, and the steps by ssh I can do to clear it out?
View Replies!
View Related
Partition /usr Full 100%
i have problem and make all solution and the problem stay the /usr partition is full 100% i remove all logs in : /usr/local/apache/logs /usr/local/apache/domlogs and make du -h --max-depth=1 in /usr that's the monitor : Code: 76K ./doc 37M ./sbin 366M ./src 110M ./X11R6 14M ./php4 176K ./man 16K ./lost+found 24M ./evolution28 2.2G ./local 12K ./etc 19M ./libexec 1.2G ./share 62M ./include 181M ./bin 362M ./java 958M ./lib 1.4M ./kerberos 6.4G .
View Replies!
View Related
Permission Denied /usr/bin/maildrop
I have a VPS with Ubuntu 9.04. I've setup ISPConfig etc as per the Perfect Server Howto Forge pages. However I'm getting a problem with the configuration of maildrop, I get Code: temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/bin/maildrop: Unable to change to home directory. ls -lah /var/vmail Code: drwxr-xr-x 4 vmail vmail 4.0K Jul 27 04:19 . drwxr-xr-x 15 root root 4.0K Jul 26 13:01 .. -rw------- 1 vmail vmail 1.3K Jul 26 13:01 .mailfilter drwxr-xr-x 5 vmail vmail 4.0K Jul 26 17:15 siricom.co.uk -rw-rw---- 1 vmail vmail 4 Jul 27 04:19 ispconfig_mailsize drwxr-xr-x 2 root root 4.0K Jul 26 13:01 mailfilters grep vmail /etc/passwd Code: vmail:5000:5000::/home/vmail:/bin/sh
View Replies!
View Related
/usr/bin/php Overloads CPU
Moved to new server today (and upgraded PHP to 5.2.6). All I see now is high CPU load due bin/php + lots of defuncts. 24324 nobody 0 97.7 0.4 /usr/bin/php 21253 nobody 0 96.0 1.2 /usr/bin/php 28225 nobody 0 94.1 0.4 /usr/bin/php 18109 nobody 0 79.0 0.0 php <defunct> 12750 nobody 0 50.7 0.0 php <defunct> 24961 nobody 0 18.1 0.3 /usr/bin/php 18967 nobody 0 6.3 0.0 php <defunct> Once I click on process in WHM, it says: The Process no longer exists. Trying to trace this now.
View Replies!
View Related
/usr/bin/perl -w Hnc.cgi
When i was running top -cd2 command following scripts are taking high cup uses on server. But when we are go home directory we didn't find any thing. 24489 "User Name" 20 0 6732 5084 1164 S 8.0 0.2 11:00.69 /usr/bin/perl -w hnc.cgi 26456 "User Name" 20 0 6876 5080 1164 S 8.0 0.2 7:23.47 /usr/bin/perl -w hnc.cgi 32569 "User Name" 20 0 6748 5056 1164 S 7.5 0.2 8:57.30 /usr/bin/perl -w hnc.cgi update us why this script are running under some particular users and what the application of this script.
View Replies!
View Related
SSL And Non-SSL Files In Same Folder
My web host sets up public_html for http and public_ssl for https traffic. So, if I want my whole site to be secure, I place everything in public_ssl. However, I am using a shopping cart system inside a CMS. I want only certain parts to be secure - e.g. the last stage of the checkout procedure. At the moment, I can only achieve this by having two copies of the CMS/shopping cart, one in public_html and one in public_ssl. Whilst this approach works (at least from the shopper's point of view), there are lots of problems from a content management point of view. My host is of the opinion that "this is the only way it can be done". Is it possible to enable ssl on public_html, have a single copy of the cms there, and then switch between secure and non-secure mode as needed? If this is possible, can you provide me with a technical description of the setup that I can pass on to my host?
View Replies!
View Related
Proper SSL- Liquidweb SSL
I have a server qith liquidweb. Recently I'm getting the message.. host.domain.com used an invalid security certificate. The certificate is not trusted because it is self signed. Error code sec_error_untrusted_issuer Liquidweb is tell me I need an SSL certificate? I don't get it sicne I have a new server with them that doesnt get this error and another older one that doesnt get the error. OK find]e, whatever. I have free SSL's at namecheap from positivessl. Can I use this on my host.domain.com and will it give ssl to all the domains on the server? I host a whole bunch of domains on this server
View Replies!
View Related
|
TRACKER
